Uninstall email notification when a user removes the DNSFilter roaming client
launched
Steve Staden
launched
Voters, after talking with customers on this issue it seemed the challenge was providing visibility into the uninstalling of the DNSFilter roaming client. To that extent, we have introduced the RC Uninstall Notification to help give that visibility - https://dnsfilter.canny.io/changelog/november-08-2022-app-release. We will be releasing the same RC Uninstall Notification capability for macOS later in November.
We know this may not address everyone's needs so I've created two new requests to track that:
- Prevent uninstall on Windows RC - https://dnsfilter.canny.io/feature-requests/p/prevent-dnsfilter-uninstall-on-windows-rc.
- Prevent uninstall on macOS RC - https://dnsfilter.canny.io/feature-requests/p/prevent-dnsfilter-uninstall-on-macos-rc
I'm going to update the title and close out this request. If you would like to discuss this request or any requests please feel free to reach out to me - https://calendly.com/sstaden-dnsfilter/30min.
Jack Taugher
Steve Staden: this isn’t completed - sounds like you can’t protect an uninstall, but alert on an uninstall?
Nachman Weiss
Steve Staden: Perhaps you could Create a new request called "get notified when agent has been uninstalled" and mark that as complete! i just don't get it!
Aber
Steve Staden: You changed the title and marked it as complete?? How twisted is that?
Nachman Weiss
Aber: i hope it can still get untwisted !
Bill
Can we install the roaming agent with a which so it doesn't show up in the system tray and doesn't show up in ARP. That way the user doesn't have an easy way to uninstall. msiexec /qn /i ".... TRAYICON="disabled" ARPSYSTEMCOMPONENT=1"
Can you compile an uninstaller with a password that when entered just runs... wmic product where ""name like "%DNS Agent%" CALL UNINSTALL
VIKRANT
Bill:Mikey Pruitt can we consider something like this.
Mikey @DNSFilter
Bill, yes you can use several command line switches during install already.
TAGS
, HOSTNAME
, TRAYICON
, ARPSYSTEMCOMPONENT
(as you mentioned), and LOCALDOMAINS
. View our help docs for more info.I'm not familiar with suggestion #2. Would that just pop up a vanity fake password? I'll run this by our dev teams.
Mikey @DNSFilter
Merged in a post:
Tamper Protection
Pandya,
This is a security tool and one of the biggest issue we have is technicians uninstalling the software at will. We can use a password or switch.
Mikey @DNSFilter
Hi Pandya, thanks for the feedback. It's difficult to prevent admin users on a device from performing admin level tasks like uninstalling software. It's been done but not without deep connections into the operating system which are potential security vulnerabilities.
There is already a request to password protect uninstall of the roaming client so I will merge your request there.
Thank you again for taking the time to provide your feedback.
Patrick Laughlin
While the below method is helpful this would only apply in a traditional AD environment. Nearly all security software and filtering tools have an uninstall password. Also, if it is a personal device you may want to allow the user to remove and provide the password but this is not easy if you do not add it into the control panel programs and features.
Mikey @DNSFilter
Hello voters, thanks for all the feedback so far on the topic of preventing removal of our software. To help a bit, we have a new article in our knowledge base outlining some methods that can be utilized to reduce the likelihood of removal. The section is titled "Preventing Circumvention in the Windows Roaming Client". We hope you find it helpful while we look further into a password option.
Jean-Pierre
This request still being Investigated, would be a great addition to DNS Filters feature set.
Mihir
You can use ARPSYSTEMCOMPONENT=1 switch when doing an install and it will hide it from the Control Panel (appwiz.cpl) and I think there is also another switch for hiding the DNS Filter tray icon as well.
Mikey @DNSFilter
under review ( scoping )
We are reviewing what is possible to implement an uninstall password. The only solutions we've seen that prevent device administrator accounts from uninstalling involve kernal hacking.
There is a solution already if you are using Active Directory and our Windows Roaming Client using group policies. We are creating documentation to assist with this setup now.
Joe Jones
Mikey @DNSFilter: I would think there would be a way as every Anti-virus I have every managed has this ability. Of course there are always ways around it.
Mikey @DNSFilter
Joe Jones: Yes, Anti-virus software is what we've been researching. Thanks for posting. We will continue to update you on what we learn.
Reginald Chan
Mikey @DNSFilter: i do not have AD on this network as i have a mix of operating systems
Faisal
Mikey @DNSFilter: Any update on this
Mikey @DNSFilter
Faisal: No solid updates yet but we are still investigating.
Mikey @DNSFilter
Merged in a post:
Uninstall Password
William Hunt
Ability to set uninstall password for roaming clients to avoid end user removal of the client.
Load More
→